[ISN] Illiterate Trojan found in wild

From: InfoSec News (isn@private)
Date: Wed Jun 09 2004 - 03:06:24 PDT


    By Nick Farrell
    09 June 2004
    SEVERAL COPIES of a two-stage Trojan virus, which uses an exploit to
    download and execute an encoded Visual Basic script from a website,
    have been seen in the wild.
    Security firm MessageLabs says it has intercepted several copies of a
    new Trojan this week, although there are no other indications that it
    will be a major problem.
    No-one has come up with a name for it yet, although judging by the way
    it works, perhaps "illiterate" might be a good title. It appears in an
    email with a header which seems to have been penned by someone for
    whom English is a foreign language.
    It creates an executable file which appears to download a malicious
    program from the same website as the original script.
    Early indications suggest that this is similar to previous attacks
    where Trojans have been used to install key loggers and password
    stealers. For the record, don't open any emails with the following
    Subject:
      about the thing we talked last week..
      Hello , This is the letter I told ill wrote for ya..
      Here is it.. like you asked for me 2 days ago
      Hey whatsup remember me?
      please , asnwer me.. you dont answer for me like 5 weeks allready.
      Re: Hello
      the email from 2 days ago.. here is my replay..
      whats wrong with you ? why you dont answer to my emails?
      why you dont answer to my emails.., whats wrong ?